Hi,
I'm still having trouble getting time synchronization to work with SuSEfirewall2.

First, if I turn off the firewall, the following script works fine. When I turn on the firewall, I get an error: "No suitable server found for synchronization"; and packets to port 123 get dropped, even though I tell the firewall to allow them. What's going on?

#the timeset script
#################################################
#!/bin/sh
ntpdate -b -v 'time-nw.nist.gov'
hwclock --systohc
##################################################

In my firewall2 config file
####################################################
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp 123"
####################################################

My firewall log shows this:
####################################################
Oct 13 05:54:46 zentara kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=131.107.1.10 DST=67.243.199.204 LEN=76 TOS=0x10 PREC=0x00 TTL=14 ID=14545 PROTO=UDP SPT=123 DPT=123 LEN=56
Oct 13 05:54:47 zentara kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=131.107.1.10 DST=67.243.199.204 LEN=76 TOS=0x10 PREC=0x00 TTL=14 ID=18694 PROTO=UDP SPT=123 DPT=123 LEN=56
Oct 13 05:58:26 zentara kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=198.6.1.218 DST=67.243.199.207 LEN=156 TOS=0x00 PREC=0x00 TTL=245 ID=55897 DF PROTO=UDP SPT=53 DPT=1024 LEN=136
Oct 13 05:58:27 zentara kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=131.107.1.10 DST=67.243.199.207 LEN=76 TOS=0x10 PREC=0x00 TTL=14 ID=34218 PROTO=UDP SPT=123 DPT=123 LEN=56
Oct 13 05:58:28 zentara kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=131.107.1.10 DST=67.243.199.207 LEN=76 TOS=0x10 PREC=0x00 TTL=14 ID=38299 PROTO=UDP SPT=123 DPT=123 LEN=56
####################################################

So I have ntp and 123 in the list to accept, but they get dropped. Why? It's just a minor annoyance, the firewall works fine otherwise, but it bugs the heck out of me, that it doesn't do what it's told to do.
-- use Perl; #powerful programmable prestidigitation
On Sunday 13 October 2002 10:21, zentara wrote:
> Hi, I'm still having trouble getting time synchronization to work with SuSEfirewall2.
> First, if I turn off the firewall, the following script works fine. When I turn on the firewall, I get an error: "No suitable server found for synchronization"; and packets to port 123 get dropped, even though I tell the firewall to allow them.
I had this problem. I went into yast2, System, Editor for /etc/sysconfig. Then, Firewall, Susefirewall2, Services, External. I added 123 in FW_SERVICES_EXT_DUP. Needless to say, as a newbie, I didn't really have a clue what I was doing, but it now works.

Cheers,
TonyB
The 02.10.13 at 06:21, zentara wrote:
> Hi, I'm still having trouble getting time synchronization to work with SuSEfirewall2.
> First, if I turn off the firewall, the following script works fine. When I turn on the firewall, I get an error: "No suitable server found for synchronization"; and packets to port 123 get dropped, even though I tell the firewall to allow them. What's going on?

[...]

> In my firewall2 config file
> ####################################################
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp 123"
I guess the "123" above makes no sense, it is not a high port. You need "yes" or "ntp" above, and you also need:

FW_SERVICES_EXT_UDP="123"

--
Cheers,
Carlos Robinson
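An added example, not part of any message in the thread: a small Python check that explains dropped UDP packets in a SuSEfirewall2 log against the setting quoted above. It assumes FW_ALLOW_INCOMING_HIGHPORTS_UDP only admits packets to destination ports 1024 and above, from the listed source ports or from any port when set to "yes"; the function names are illustrative and the sample lines are abridged from the log in the thread.

```python
import re

HIGH_PORT_MIN = 1024                   # assumption: high ports are 1024-65535
SERVICES = {"domain": 53, "ntp": 123}  # service names used in the thread's config

# Sample lines abridged from the firewall log quoted in the thread.
SAMPLE_LOG = """\
Oct 13 05:54:46 zentara kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=131.107.1.10 PROTO=UDP SPT=123 DPT=123 LEN=56
Oct 13 05:58:26 zentara kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=198.6.1.218 PROTO=UDP SPT=53 DPT=1024 LEN=136
Oct 13 05:58:27 zentara kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=131.107.1.10 PROTO=UDP SPT=123 DPT=123 LEN=56
"""

def highports_rule_matches(sport, dport, setting):
    """Model of the high-ports rule under the assumed semantics above."""
    if dport < HIGH_PORT_MIN or setting == "no":
        return False
    if setting == "yes":
        return True
    # Otherwise the value is a list of allowed *source* ports or service names.
    ports = {SERVICES.get(t, int(t) if t.isdigit() else None) for t in setting.split()}
    return sport in ports

def explain_udp_drops(log_text, setting):
    """Return sorted unique (sport, dport, reason) for dropped UDP packets."""
    findings = set()
    for line in log_text.splitlines():
        if "SuSE-FW-DROP" not in line:
            continue
        fields = dict(re.findall(r"(\w+)=(\S*)", line))
        if fields.get("PROTO") != "UDP" or "SPT" not in fields or "DPT" not in fields:
            continue
        sport, dport = int(fields["SPT"]), int(fields["DPT"])
        if dport < HIGH_PORT_MIN:
            reason = "DPT %d is not a high port; list it in FW_SERVICES_EXT_UDP" % dport
        elif highports_rule_matches(sport, dport, setting):
            reason = "high-ports rule should match; look for another rule"
        else:
            reason = "source port %d is not listed in the high-ports setting" % sport
        findings.add((sport, dport, reason))
    return sorted(findings)

if __name__ == "__main__":
    for sport, dport, reason in explain_udp_drops(SAMPLE_LOG, "domain ntp 123"):
        print("UDP %d -> %d dropped: %s" % (sport, dport, reason))
```

The accepted packet in the same log (SPT=53, DPT=1024) is the case the high-ports setting does cover: a listed source port and a destination at or above 1024.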
participants (3): Carlos E. R., Tony Bloomfield, zentara